All Versions
57
Latest Version
Avg Release Cycle
47 days
Latest Release
939 days ago
Changelog History
Page 1
Changelog History
Page 1
-
v5.5.0-M1 Changes
November 04, 2020๐ฑ โญ New Features
- Add unsupported_token_type in OAuth2ErrorCodes #9184
- Add token and token_type_hint to OAuth2ParameterNames #9183
- ๐ Introduce JwaAlgorithm #9182
- ๐ WithSecurityContextTestExecutionListener Should Support Nested Classes #9179
- โ Add WebFlux Documentation for Multiple Filter Chains #9178
- ๐ SAML 2.0 Asserting Party Metadata resolution should read SigningMethod elements #9177
- ๐ Enable customization of BearerTokenResolver by adding a setter for JwtClaimIssuerConverter on JwtIssuerAuthenticationManagerResolver #9168
- ๐ Reactive doc points to unit tests #9157
- ๐ Invoke Kotlin MockMvc result matchers with parentheses #9155
- ๐ Change guard expressions order #9153
- ๐ It is not necessary to fetch all user sessions if unlimited sessions are set in the ConcurrentSessionControlAuthenticationStrategy. #9152
- โ Add refresh token expiration support #9146
- ๐ JwtIssuerValidator handles issuer (iss) claim values as Strings and URLs #9137
- ๐ OpenSamlAuthenticationProvider should decrypt attributes #9131
- โก๏ธ Update snapshot build dependencies #9124
- ๐ spring-security-test should include jackson-datatype-jsr310 as a test dependency #9123
- โก๏ธ Update to Gradle 6.6.1 #9122
- ๐ Use LobHandler in JdbcOAuth2AuthorizedClientService #9070
- ๐ Changed metadata converter to accept files as well #9056
- โ Add HSM Support for Decrypting Assertions #9055
- ๐ File-based Configuration for Asserting Party Metadata #9028
- ๐ Prevent PR builds from running on forks #8993
- ๐ Provide a R2dbc implementation of ReactiveOuath2AuthorizedClientService #8765
- โ Add support for dynamic JWS signature algorithm with JWKs (2) - Issue 7160 #8752
- ๐ Support customization of BearerTokenResolver in JwtIssuerAuthenticationManagerResolver #8535
- ๐ Provide reactive JDBC implementation of ReactiveOAuth2AuthorizedClientService #7890
- ๐ JwtDecoders and ReactiveJwtDecoders should determine algorithm from JWK Set Endpoint #7160
- ๐ OAuth2Token interface for AbstractOAuth2Token #5502
๐ฑ ๐ Bug Fixes
- ๐ [docs]Add white space before strong notation. #9145
- ๐ Bug with JwtValidators.createDefaultWithIssuer(String)? #9136
- ๐ Tests should not combine Authentication and @AuthenticationPrincipal #9121
- ๐ Closes gh-8196 appendix indentation #9118
- ๐ Fixes in documentation #9099
โฌ๏ธ ๐จ Dependency Upgrades
- ๐ Set rsocketVersion to 1.1.0 #9167
- ๐ Set reactorVersion to 2020.0.+ #9166
- ๐ Set springVersion to 5.3.+ #9165
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.4.2 Changes
December 03, 2020๐ฑ โญ New Features
๐ฑ ๐ Bug Fixes
- ๐ Tests should not combine Authentication and @AuthenticationPrincipal #9255
- โ Remove empty Appendix Section from docs #9253
- ๐ CookieRequestCache handles URL encoded query parameters incorrectly #9252
- ๐ Improve Metadata URL Documentation #9251
โฌ๏ธ ๐จ Dependency Upgrades
-
v5.4.1 Changes
October 07, 2020๐ฑ โญ New Features
- ๐ Replace expired msdn link with latest web archive copy #9050
- โ Add documentation for StrictHttpFirewall enhancements #9038
- ๐ Replace Tomcat6 URL for SSL Guide to Tomcat 10 #9034
- ๐ Use AssertJ for exception testing #9013
๐ฑ ๐ Bug Fixes
- โ Add try-with-resources to close stream #9053
- ๐ RelyingPartyRegistrations Fails to Read Keycloak Metadata #9051
- ๐ fix miswritten comment of FormLoginDsl.kt #9042
- ๐ Adapt to WebClient's new exception wrapping #9031
- ๐ StandardInterceptUrlRegistry should not refer to ExpressionUrlAuthorizationConfigurer #9026
- ๐ Fix broken Mono chain #9022
- ๐ Use Schedulers.boundedElastic for UUID.randomUUID #9021
- ๐ CookieServerCsrfTokenRepository#createNewToken should use Schedulers.boundedElastic #9018
- ๐ WebSessionServerCsrfTokenRepository#generateToken() don't use Schedulers.boundedElastic() #9017
- ๐ NullPointerException SessionRegistryImpl.onApplicationEvent(SessionRegistryImpl.java:111) #9011
- ๐ Quick javadoc fix for DelegatingPasswordEncoder #8890
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.4.0 Changes
September 09, 2020๐ฑ โญ New Features
- โ Add What's New in 5.4 #9002
- โ Add What's New in 5.4 Section to Docs #9001
- โ Add Resource Server Servlet Logging #9000
- ๐ Simplify saml2Login Samples #8990
- โ Remove Framework Tests from saml2Login Sample #8989
- โ Add authenticationManagerResolver to resource server Kotlin DSL #8981
- ๐ Generalize SAML 2.0 Assertion Validation Support #8970
- โก๏ธ Update abstract-authentication-processing-filter.adoc #8965
- โ Add spring-javaformat checkstyle and formatting #8946
- โ Add hasAnyRole and hasAnyAuthority to authorizeRequests in Kotlin DSL #8926
- โ Add hasAnyAuthority(String...) and hasAnyRole(String...) to authorizeRequests in Kotlin DSL #8892
- ๐ Resolve oauth2 client-id, client-secret placeholders #8880
- ๐ Restructure SAML 2.0 documentation #8763
- ๐ security:client-registrations doesn't take propertyconfigurer properties #8453
๐ฑ ๐ Bug Fixes
- ๐ Clickjacking demo in docs: YouTube link in X-Frame-Options section leads to private video #8986
- ๐ NoClassDefFoundError: AuthMetadataFlyweight at o.s.s.r.m.SimpleAuthenticationEncoder #8948
- ๐ SAML attributes not parsed correctly with prefixed XML elements #8864
- ๐ Don't use oidc scopes_supported for scope as default in ClientRegistrations #8790
- ๐ scopes_supported metadata should not be used as default in ClientRegistrations #8514
โฌ๏ธ ๐จ Dependency Upgrades
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.4.0-RC1 Changes
August 05, 2020๐ฑ โญ New Features
- ๐ Deprecate CustomUserTypesOAuth2UserService #8908
- ๐ Deprecate ClientRegistration.redirectUriTemplate #8906
- ๐ Allow for custom ClientRegistration.clientAuthenticationMethod #8903
- ๐ Deprecate ImplicitGrantConfigurer #8902
- โ Remove use of Mono.deferWithContext() #8901
- ๐ Consider adding RelyingPartyRegistrationResolver #8887
- โ Add HttpMessageConverter that constructs a RelyingPartyRegistration #8877
- ๐ RelyingPartyRegistration should default the ACS Location #8876
- โก๏ธ Update SimpleSaml2AuthenticatedPrincipal class name #8861
- ๐ Introduce AuthenticationConverterServerWebExchangeMatcher #8854
- ๐ Make class SimpleSaml2AuthenticatedPrincipal public #8852
- ๐ Support custom filter in Server Kotlin DSL #8850
- ๐ Saml2AuthenticationToken should take a RelyingPartyRegistration #8845
- ๐ Wording changes #8832
- ๐ -gh 8784 Document improvement for WebSecurityConfigure #8825
- ๐ Consider making BearerTokenServerWebExchangeMatcher public and more generic #8824
- โ Add custom HeaderWriter in Kotlin DSL #8823
- โ Add Static Factories to Saml2X509Credential #8822
- ๐ Allow disabling headers in Kotlin DSL #8816
- โ Remove need for WebSecurityConfigurerAdapter #8805
- ๐ Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
- ๐ Fix #8693 Support SAML 2.0 SP Metadata Endpoints #8795
- โ Add Static Factories to Saml2X509Credential #8789
- ๐ RelyingPartyRegistration Credentials Should Be Split by Party #8788
- ๐ Support custom filter in Server Kotlin DSL #8783
- ๐ mongolian translation for messages.properties #8780
- ๐ Mongolian translation required for messages.propeperties #8778
- ๐ RelyingPartyRegistration should use metadata spec language #8777
- ๐ ACS Binding should be in RelyingPartyRegistration #8776
- โ Remove OpenSamlImplementation #8775
- ๐ OpenSamlAuthenticationRequestFactory should use OpenSAML directly #8774
- ๐ OpenSamlAuthenticationProvider should use OpenSAML directly #8773
- ๐ OpenSAML should get initialized as part of container lifecycle #8772
- ๐ SAML Assertion validation fails when OneTimeUse condition is sent from the IdP #8769
- ๐ Improve error message when invalid content-type for UserInfo response #8764
- ๐ Simplify retrieving Introspection-specific attributes #8740
- ๐ Reactive SwitchUserWebFilter for user impersonation #8687
- ๐ Change getMethod() to return configured value in SimpleSavedRequest #8675
- ๐ gh-8589 Additional Jwt validation debug messages #8665
- โ Adds cookie based RequestCache #8653
- ๐ Missing Reactive SwitchUserWebFilter for user impersonation #8599
- ๐ Use String to specify custom HTTP method in mock request #8592
- โ Add logging #8589
- ๐ Support for dynamic configuration using IDP metadata URL for SAML SSO integration #8484
- ๐ SAML Authentication Provider assertions #8471
- ๐ Throw exception when specified ldif file does not exist #8434
- ๐ SAML: Add RequestedAuthnContext to AuthnRequest in OpenSamlAuthenticationRequestFactory #8141
- โ Add request cache that uses cookie #8034
- ๐ No log message or exception if expected ldif file does not exist #7791
๐ฑ ๐ Bug Fixes
- ๐ Move RSocket Integration Tests to integration tests #8944
- ๐ Fix snapshot build failure related to reactor-netty #8909
- ๐ Resolve Bearer token after subscribing to publisher #8894
- ๐ ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8865
- โก๏ธ Update README.adoc #8851
- ๐ Saml2Error should be in a core package #8835
- ๐ Fix #8797: Add OAuth2AuthenticationException to allowlist #8827
- ๐ CookieRequestCache "REDIRECT_URI" removed by any request #8820
- ๐ use CookieRequestCache something went wrong #8817
- ๐ LoginPageGeneratingWebFilter should honor context path #8807
- ๐ Fix ProviderManager Javadoc typo #8800
- ๐ OAuth2AuthenticationException should be in allowlist #8797
- ๐ tutorial uses hasRole but should use hasAuthority #8796
- ๐ Saml2WebSsoAuthenticationFilter does not follow standard patterns for request matching. #8768
- ๐ Bearer Token Padding #8511
- ๐ Resolved bearer token has no padding indicators #8502
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
-
v5.4.0-M2 Changes
July 01, 2020๐ฑ โญ New Features
- โ Add reified function variants to security DSL #8771
- ๐ OAuth2AccessTokenResponse.Builder.expiresIn works after withResponse #8766
- ๐ LDAP Integration Tests Should Use Random Port #8762
- ๐ Use memory-saving Collections.singletonList in JdbcAclService.readAclById() #8756
- ๐ Merge Spring security with dependencies #8755
- โ Add Configurable secure flag in CookieCsrfTokenRepository #8749
- ๐ Fix typo in OAuth2AccessTokenResponse #8746
- ๐ Allow customizing
JWTProcessorpassed toNimbusJwtDecoder#8745 - ๐ Use Spring Snapshots in Snapshot Build Again #8712
- โก๏ธ Update pipeline to run for PRs to all branches #8711
- โ Remove Travis pipeline and README badge #8710
- ๐ Reject the NULL character in paths in StrictHttpFirewall #8703
- ๐ OAuth2AccessTokenResponse.expiresIn() is ignored when initialized from another response #8702
- ๐ OAuth2AuthorizedClientArgumentResolver could use OAuth2AuthorizedClientManager registered in context #8700
- ๐ Kotlin Configuration DSL: Use reified types wherever a class is used as a parameter #8697
- ๐ ProviderManager Should Use CollectionUtils#contains #8695
- ๐ ProviderManager#checkState() throws NullPointerException #8689
- ๐ Set up Github Actions pipeline for PRs #8680
- ๐ Deprecate X-Frame-Options ALLOW-FROM #8677
- ๐ Replace whitelist/blacklist with allowlist/blocklist #8676
- ๐ Register OAuth2AuthorizedClientArgumentResolver for XML Config #8669
- ๐ Getting response attributes from Saml2AuthenticatedPrincipal #8667
- ๐ Ability to easily read attribute values from SAML response #8661
- ๐ DefaultOAuth2AuthorizationRequestResolver Should Not Consume Request Body #8651
- ๐ StrictHttpFirewall: Validate headers and parameters #8644
- ๐ JwtDecoder should use Nimbus multiple-algorithm support #8623
- โ Remove ClientRegistrationRepository Mock Beans from Samples #8606
- ๐ oauth2Client Test Support should not require an HttpSessionOAuth2AuthorizedClientRepository #8603
- โ Add tokenFromMultipartDataEnabled to server CSRF Kotlin DSL #8602
- โ Add ServerRequestCache setter in OAuth2AuthorizationCodeGrantWebFilter #8587
- ๐ FilterInvocation Support Default Methods on HttpServletRequest #8566
- โก๏ธ Update to JQuery 3.5.1 #8557
- ๐ Saml2WebSsoAuthenticationRequesFilter should be post-processed #8552
- ๐ Move TestRelyingPartyRegistrations #8551
- ๐ Configuration defaults to SessionRegistry bean #8548
- ๐ Update BCryptPasswordEncoder documentation with default strength #8542
- ๐ authorization_code grant should use same ServerRequestCache #8536
- Avoid using "/path/**/other" patterns in WebFlux PathPatternParser #8513
- โ Add debug logging to Reactive Web #8504
- โ Add issuerUri to ClientRegistration.providerDetails #8501
- ๐ Use Opaquetoken properties to configure timeouts #8488
- โก๏ธ Update Traditional Chinese translation. #8483
- ๐ Allow port=0 for ApacheDSContainer #8416
- ๐ Throw exception if URL does not include context path when context relative #8399
- โ Added setter to make RequestCache injectable #8392
- ๐ Consider adding ClientRegistration.providerDetails.issuerUri #8326
- ๐ Merge Project Modules and Dependencies Section of the docs #8199
- โ Add RequestCache setter in OAuth2AuthorizationCodeGrantFilter #8120
- ๐ formLogin() does not work with REST Docs #7572
๐ฑ ๐ Bug Fixes
- ๐ SwitchUserFilter.setExitUserMatcher Javadoc is incorrect #8744
- ๐ SwitchUserFilter.setUserDetailsChecker is missing Javadoc #8743
- ๐ Fix SecurityContext creation for TEST_EXECUTION #8738
- ๐ ReactorContext not available in PayloadSocketAcceptor delegate.accept #8654
- ๐ DefaultWebSecurityExpressionHandler uses RoleHierarchy bean #8652
- ๐ DefaultOAuth2AuthorizationRequestResolver erroneously consumes POST request body #8650
- ๐ Fix broken link in spring security reference document #8618
- ๐ Delay AuthenticationPrincipalArgumentResolver Lookup #8613
- ๐ OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8609
- ๐ spring-security-oauth2-client:5.3.2 and spring-boot-starter-test:2.3.0 clash over version of transitive dependency json-smart #8608
- ๐ Fix typos in BCryptPasswordEncoder documentation #8586
- ๐ Fixing typo in SAML 2.0 Sample README #8581
- ๐ Message Compose in JavaConfig hellojs Sample Fails #8556
- ๐ Java Config hellojs Sample Login Fails #8555
- ๐ XML OpenID sample should POST to logout #8554
- โ Remove unused field 'digester' in Md4PasswordEncoder #8553
- ๐ Polish JDBC Authentication documentation #8550
- ๐ Fix Kotlin Sample Documentation #8540
- ๐ Object ID Identicy conversion to long fails on old schema #8538
- ๐ Create the CSRF token on the bounded elactic scheduler #8534
- ๐ Fix AntPathRequestMatcher Javadoc #8512
- ๐ Document NoOpPasswordEncoder will not be removed #8508
- ๐ Document NoOpPasswordEncoder will not be removed #8506
- ๐ Fix code snippets to configure timeouts #8487
- ๐ Fix non-standard HTTP method for CsrfWebFilter #8452
- ๐ Blocking in WebSessionServerCsrfTokenRepository #8128
- ๐ Object ID Identity conversion to long fails on old schema #7621
- ๐ RoleHierarchy is not used by AbstractAuthorizeTag #7059
- ๐ Prevent StackOverflowError for AccessControlEntryImpl.hashCode #6820
- ๐ ACL : AclImpl.hashCode leads to StackOverflowError #5401
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to Spring Boot 2.4.0-M1 #8787
- โก๏ธ Update to Kotlin 1.3.72 #8786
- โก๏ธ Update to Google App Engine 1.7.80 #8785
- ๐ Update to spring-build-conventions:0.0.33.RELEASE #8759
- โก๏ธ Update to Spring Boot 2.3.0 #8605
- โก๏ธ Update to Gradle 6.4.1 #8604
- ๐ Update to spring-build-conventions:0.0.32.RELEASE #8499
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
- @dkodippily
- @islamazhar
- @thomasturrell
- @eamelink
- @gonozalviii
- @benba
- @evgeniycheban
- @Maxvgrad
- @mengelbrecht
- @yoshikawaa
- @jrehwaldt
- @mouellet
- @candrews
- @cbornet
- @dadikovi
- @AndreasVolkmann
- @yukihane
- @tan9
- @unix1982
- @eleftherias
- @justmehyp
- @atarynin
- @ractive
- @sgilson
- @elliedori
- @kostic017
- @michaldo
- @parikshitdutta
- @MGabr
- @stsypanov
- @ThomasVitale
-
v5.4.0-M1 Changes
May 06, 2020๐ฑ โญ New Features
- ๐ Jenkins does not need to build on JDK 9 and 10 #8482
- ๐ Upgrade Freefair AspectJ plugin to v5.0.1 #8456
- ๐ AesBytesEncryptor constructor that uses secret key #8443
- ๐ Rename Preface to Introduction #8411
- ๐ TestSaml2X509Credentials should only return Saml2X509Credential instances #8404
- ๐ Saml2CryptoTestSupport and TestSaml2AuthenticationObjects should be one class #8403
- ๐ Allow creating AesBytesEncryptor with key #8402
- โ Add Flag to enable searching of LDAP groups on subtrees #8400
- ๐ Documented dependencies for opaque Resource Server #8394
- ๐ Allow expose JwtAuthenticationConverter as a bean for Resource Server #8379
- ๐ Use Kotlin DSL Marker Annotations to prevent scope leaking in WebFlux DSL #8366
- ๐ Saml2AuthenticationRequestContext should be extendible #8356 #8364
- โ Add constructors receiving AuthenticationManager #8362
- ๐ Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8361
- ๐ Saml2WebSsoAuthenticationRequestFilter should not use OpenSamlAuthenticationRequestFactory by default #8359
- ๐ Validate ID Token Issuer #8357
- ๐ Saml2AuthenticationRequestContext should be extendible #8356
- โ Add authorize() DSL method that accepts HttpMethod #8350
- ๐ Allow custom header during bearer token extraction #8341
- ๐ Allow specify header in ServerBearerTokenAuthenticationConverter #8337
- ๐ Provide possibility to use custom cache to store JWK Set #8332
- โ Adding Map support to DefaultMethodSecurityExpressionHandler #8331
- ๐ BCryptPasswordEncoder rawPassword cannot be null #8330
- ๐ Allow the ability to configure AuthoritiesMapper in Reactive OAuth2Login #8324
- ๐ Open ID Connect ID Token Issuer not validated #8321
- โ Add addFilterAfter and addFilterBefore to Kotlin DSL #8319
- โ Added setPrincipalClaimName to JwtAuthenticationConverter #8318
- ๐ BCryptPasswordEncoder.encode() throws NPE #8317
- ๐ HttpSecurityDsl does not support addFilterBefore and addFilterAfter #8316
- ๐ AuthorizeRequestsDsl doesn't allow HTTP Method to be specified #8307
- ๐ SpringTestContext returns ConfigurableWebApplicationContext #8233
- ๐ Clarify use case for
ServerBearerExchangeFilterFunction#8220 - ๐ Update Encryptors documentation for standard and stronger #8208
- ๐ Upgrade to Gradle Enterprise Plugin 3.2 #8205
- โ Add Figures to Resource Server Docs #8184
- โ Add Figures to Resource Server Docs #8182
- ๐ Document JwtGrantedAuthoritiesConverter #8176
- ๐ Fix userNameAttribute property case style #8171
- ๐ userNameAttribute case style is different others #8169
- ๐ Polish SAML 2.0 Login Sample #8163
- ๐ Document AuthorizedClientServiceOAuth2AuthorizedClientManager #8152
- ๐ Assign sensible default for OAuth2AuthorizedClientProvider #8150
- ๐ OpenSamlImplementation should not use reflection #8147
- ๐ Allow port=0 for LDAP Servers #8139
- ๐ LDAP server configuration should support port=0 #8138
- ๐ Use io.spring.gradle-enterprise-conventions #8115
- ๐ Replace VersionsResourceTasks with WriteProperties #8114
- ๐ Improve Build Performance #8113
- ๐ Document OAuth 2.0 Login XML Support #8110
- ๐ Fix exception from empty basic auth header token #8109
- ๐ Fix typo 'properites' -> 'properties' in documentation #8096
- ๐ Document AuthenticationEventPublisher improvements #8081
- ๐ Document AuthNRequest POST binding support #8079
- ๐ Document AuthNRequest signature support #8078
- ๐ Document OAuth 2.0 Resource Server XML Support #8077
- ๐ Document Jackson serialization support for OAuth 2.0 Client #8075
- ๐ Document OAuth 2.0 Client XML Support #8074
- ๐ Document OAuth2Authorization success and failure handlers #8073
- ๐ Document OIDC Logout Success Handler Improvements #8072
- ๐ Document OAuth 2.0 Authorization Request improvements #8071
- โ Add OAuth 2.0 Test Support Docs #8050
- โ Add server request cache that uses cookie #8033
- ๐ Basic auth header without user results in exception #7976
- โ Add RequestRejectedHandler #7052
- ๐ OAuth2LoginAuthenticationProvider uses OAuth2AuthorizationCodeAuthenticationProvider #5633
- ๐ Idiomatic Kotlin DSL for configuring HTTP security #5558
- ๐ SessionRegistryImpl is now aware of SessionIdChangedEvent #5439
- ๐ SessionRegistryImpl is not aware of SessionIdChange events. #5438
- ๐ SwitchUserFilter vulnerable to CSRF #4183
๐ฑ ๐ Bug Fixes
- ๐ Fix Javadoc punctuation #8480
- ๐ Fixed typos in documentation #8454
- ๐ Support update when saving with JdbcOAuth2AuthorizedClientService #8435
- โก๏ธ JdbcOAuth2AuthorizedClientService should support update when saving #8425
- ๐ OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8421
- ๐ ActiveDirectoryLdapAuthenticationProvider uses InternalAuthenticationServiceException #8418
- ๐ Fix mismatch between CONTRIBUTING.adoc and .editorconfig #8417
- ๐ Fix Documentation to Refer to BasicAuthenticationFilter #8414
- โ Add ROLE_INFRASTRUCTURE to infrastructure beans #8407
- ๐ Fix typo with correct capitalization #8406
- ๐ Global ServerSecurityContextRepository ignored by logout #8375
- ๐ Fix example in javadoc of FilterChainProxy #8344
- ๐ Fix typo in Javadoc of ServerHttpSecurity#hasAuthority #8336
- ๐ Fixes gh-8187 : OAuth2 ClientRegistrations UserInfo endpoint NPE fix #8206
- ๐ OAuth2 ClientRegistrations NPE when UserInfo endpoint missing #8187
- ๐ Fix OAuth2AuthorizationRequest additionalParameters/attributes Consumer #8177
- ๐ Make OAuth2ErrorHttpMessageConverter more resilient #8157
- ๐ RSocket test should throw AccessDeniedException #8154
- ๐ Fix typo in Javadoc of HttpSecurity#csrf() #8130
- ๐ Fix Documentation to Refer to BasicAuthenticationFilter #8119
- ๐ oauth2Login WebFlux should not auto-redirect for XHR request #8118
- ๐ NPE thrown when token response contains a null value #8108
- ๐ HttpServletRequest.logout() not functioning #4760
- ๐ Java Doc of org.springframework.security.config.annotation.web.builders.HttpSecurity contains grammatical errors #4404
โฌ๏ธ ๐จ Dependency Upgrades
- โก๏ธ Update to aspectj-plugin:4.1.6 #8305
๐ฑ โช Non-passive
- ๐ Transfer session's max inactive interval in SessionFixationProtectionStrategy #5441
- ๐ SEC-2470: SessionFixationProtectionStrategy should migrate maxInactiveInterval #2693
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!
- @ahrytsiuk
- @pgerhard
- @leonard84
- @20fps
- @antonin-arquey
- @wilkinsona
- @souphorn
- @alan-czajkowski
- @bberto
- @evgeniycheban
- @shazin
- @mengelbrecht
- @evpaassen
- @hotire
- @dadikovi
- @VonUniGE
- @martinnemec3
- @maxtacco
- @jzheaux
- @bigdaz
- @corneliouzbett
- @furti
- @eleftherias
- @zeeshanadnan
- @TJReinert
- @mustafau
- @komuro-hiraku
- @aj-jaswanth
- @stavshamir
- @adamu
- @HomoEfficio
-
v5.3.6.RELEASE Changes
December 03, 2020 -
v5.3.5.RELEASE Changes
October 07, 2020 -
v5.3.4.RELEASE Changes
August 05, 2020๐ฑ โญ New Features
- โ Add logging #8888
- ๐ Document improvement for configure(WebSecurity web) and configure(HttpSecurity http) #8855
- ๐ formLogin() does not work with REST Docs #8748
- ๐ Use Github Actions PR pipeline and remove Travis for 5.3.x #8724
๐ฑ ๐ Bug Fixes
- ๐ ServerBearerTokenAuthenticationConverter throws exceptions instead of signalling error #8896
- ๐ OAuth2AuthenticationException should be in allowlist #8863
- ๐ Resolved bearer token has no padding indicators #8837
- ๐ Fix ProviderManager Javadoc typo #8811
- ๐ LoginPageGeneratingWebFilter should honor context path #8808
- ๐ OAuth2 Resource Server docs not in sync - authorityPrefix can't be set to "" #8803
- ๐ RoleHierarchy is not used by AbstractAuthorizeTag #8678
- ๐ OAuth2AuthorizationCodeGrantWebFilter should handle OAuth2AuthorizationException #8672
- ๐ ReactorContext not available in PayloadSocketAcceptor delegate.accept #8655
โฌ๏ธ ๐จ Dependency Upgrades
- ๐ Update to spring-build-conventions:0.0.34.RELEASE #8925
- ๐ Update to nohttp 0.0.5.RELEASE #8924
- โก๏ธ Update to GAE 1.9.81 #8923
- ๐ Update to Spring Boot 2.2.9.RELEASE #8922
- ๐ Update to spring-build-conventions:0.0.33.RELEASE #8760
๐ฑ โค๏ธ Contributors
๐ We'd like to thank all the contributors who worked on this release!